Signature Detail
Short Name |
HTTP:IIS:HTR-ASP-CODE-DISC |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
IIS .HTR ASP Source Code Disclosure |
Release Date |
2006/10/19 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: IIS .HTR ASP Source Code Disclosure
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Information Server (IIS) versions 4.0 and 5.0. Attackers can send a malformed request and obtain server-side ASP source code.
Extended Description
Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be inaccessible. This is done by appending "+.htr" to a request for a known .asp (or .asa, .ini, etc) file. Appending this string causes the request to be handled by ISM.DLL, which then strips the +.htr string and may disclose part or all of the source of the .asp file specified in the request. There has been a report that source will be displayed up to the first '<%' encountered - '<%' and '%>' are server-side script delimiters. Pages which use the <script runat=server></script> delimiters instead will display the entire source, or up to any '<%' in the page. This vulnerability is a variant of a previously discovered vulnerability, BugTraq ID 1193.
Affected Products
- Microsoft IIS 4.0
- Microsoft IIS 4.0 Alpha
- Microsoft IIS 5.0
References